CakePHP gotcha: Don’t name a controller the same as a folder in webroot

February 13th, 2009

This one had me going for a bit, but if you name a controller the same as a file that is in the “webroot” folder, and try to navigate to it, Cake will just show you a listing of all the files in the same-named directory.

As an example, the “files” folder comes with the CakePHP installation, right?

Not knowing that, I tried to build a files controller and navigate to it.

but it takes me instead to

 
and here’s the listing of files

I’m thinking that this could actually be used against you as a vulnerability, so keep that in mind too.
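
A check for this collision, as an added example that is not part of the original post. It assumes the CakePHP 1.x layout (`controllers/<name>_controller.php` and `webroot/` under the app directory), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not CakePHP's own tooling.
# Assumed layout (CakePHP 1.x, not stated in the post):
#   <app>/controllers/<name>_controller.php   reached as /<name>
#   <app>/webroot/<name>                      file or folder in the webroot

# Print "name<TAB>kind<TAB>path" for every controller whose URL segment
# matches an existing entry in the webroot.
find_webroot_collisions() {
    app_dir="$1"
    for ctrl in "$app_dir"/controllers/*_controller.php; do
        [ -e "$ctrl" ] || continue            # glob matched nothing
        name="$(basename "$ctrl" _controller.php)"
        target="$app_dir/webroot/$name"
        if [ -d "$target" ]; then
            kind="directory"
        elif [ -e "$target" ]; then
            kind="file"
        else
            continue
        fi
        printf '%s\t%s\t%s\n' "$name" "$kind" "$target"
    done
}

# Return 1 when any collision exists, so the check can gate a deploy or CI job.
check_webroot_collisions() {
    collisions="$(find_webroot_collisions "$1")"
    if [ -z "$collisions" ]; then
        return 0
    fi
    printf 'controller name shadowed by webroot entry:\n%s\n' "$collisions" >&2
    return 1
}

# Stand-alone use: sh check.sh /path/to/app
if [ "$#" -gt 0 ]; then
    check_webroot_collisions "$1"
fi
```

If the server is Apache, `Options -Indexes` stops the listing from being shown, but the controller stays shadowed until either it or the folder is renamed.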
